Auto-generate ATT&CK coverage matrices

DataDog / stratus-red-team

:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

https://stratus-red-team.cloud

Apache License 2.0

1.85k stars 216 forks source link

Auto-generate ATT&CK coverage matrices #95

Open christophetd opened 2 years ago

christophetd commented 2 years ago

Idea: automatically generate images showing the ATT&CK Tactics (not techniques) coverage

Columns: ATT&CK Tactics Rows: Stratus Red Team attack techniques

tmendonca28 commented 1 year ago

Hi @christophetd. I would like to contribute to this issue. Could you please provide a bit more context/detail on the above?

christophetd commented 1 year ago

Thanks for reaching out! The idea is to provide a graphical representation of Stratus Red Team attack techniques.

Something along the lines of:

One graphical representation per platform (AWS, Azure, GCP, K8s)
One column per MITRE ATT&CK Tactic (Initial access, persistence...)
One cell for each Stratus Red Team attack technique

Available data sources:

Using the Go API
Using what was introduced in #218 (run make docs to generate a YAML file with all the attack techniques)

The output might be a Markdown table or PNG image to include in the docs. Any thoughts?

tmendonca28 commented 1 year ago

Thank you very much for the explanation @christophetd. I've gone through the PR you sent over as well.

Here is my thought process:

I believe the following function returns a map of the data found in the index.yaml (where the techniques and metadata are found).
Interact with the index at this point and create a generate-coverage-matrices.go in the tools dir.
After doing so, I will output a markdown table (demarcating each of the platforms) in the docs folder. I am unsure at the moment how the process of generating a PNG from potentially a map will look like, but will see if it's possible.

Does this sound like a viable approach?

christophetd commented 1 year ago

Makes a lot of sense! Definitely, starting with a Markdown output makes sense. At some point we can try to output a stylized HTML output if we need something fancier.

Looking forward to your contribution!

christophetd commented 3 months ago

@tmendonca28 Do you still have interest in contributing?

tmendonca28 commented 3 months ago

Definitely! Sorry for dropping the ball on my end, was a bit of a busy period.

christophetd commented 3 months ago

No worries! I'll leave the issue open, feel free to pick it up whenever you feel like it :)